
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 2
High: 1
Medium: 1
Showing 1-4 of 4 records
Threat Entry Updated 2026-02-10

CVE-2026-0863 - N8n Plugin

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (e.g. n8n's official Docker image), arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the…

PLUGIN N8n

CVE-2026-0863

HIGH CVSS 8.5 2026-01-18
Threat Entry Updated 2026-01-20

CVE-2026-21894 - N8n Plugin

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if…

PLUGIN N8n

CVE-2026-21894

MEDIUM CVSS 6.5 2026-01-08
Threat Entry Updated 2026-01-20

CVE-2026-21877 - N8n Plugin

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

PLUGIN N8n

CVE-2026-21877

CRITICAL CVSS 9.9 2026-01-08
Threat Entry Updated 2026-01-16

CVE-2026-21858 - N8n Plugin

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, exposing sensitive information stored on the system; this may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

PLUGIN N8n

CVE-2026-21858

CRITICAL CVSS 10.0 2026-01-08